From f24c60c3fbdafb597d049110cd60909ba201e61c Mon Sep 17 00:00:00 2001
From: Jacques Distler <distler@golem.ph.utexas.edu>
Date: Sat, 27 Oct 2007 23:08:13 -0500
Subject: [PATCH] Better handling of SVG attributes which admit uri refs Just
 strip out the URI ref, leaving alternates.

---
 vendor/plugins/HTML5lib/lib/html5/sanitizer.rb   |  6 +++---
 .../HTML5lib/testdata/sanitizer/tests1.dat       | 16 ++++++++--------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/vendor/plugins/HTML5lib/lib/html5/sanitizer.rb b/vendor/plugins/HTML5lib/lib/html5/sanitizer.rb
index 26977ba4..cb7d5930 100644
--- a/vendor/plugins/HTML5lib/lib/html5/sanitizer.rb
+++ b/vendor/plugins/HTML5lib/lib/html5/sanitizer.rb
@@ -123,9 +123,9 @@ module HTML5
                 if val_unescaped =~ /^[a-z0-9][-+.a-z0-9]*:/ and !self.class.const_get("ALLOWED_PROTOCOLS").include?(val_unescaped.split(':')[0])
                   attrs.delete attr
                 end
-                SVG_ATTR_VAL_ALLOWS_REF.each do |attr|
-                  attrs.delete attr if attrs[attr].to_s.downcase =~ /url\(\s*[^#]/m
-                end
+              end
+              SVG_ATTR_VAL_ALLOWS_REF.each do |attr|
+                attrs[attr] = attrs[attr].to_s.gsub(/url\s*\(\s*[^#\s][^)]+?\)/m, ' ') if attrs[attr]
               end
               if attrs['style']
                 attrs['style'] = sanitize_css(attrs['style'])
diff --git a/vendor/plugins/HTML5lib/testdata/sanitizer/tests1.dat b/vendor/plugins/HTML5lib/testdata/sanitizer/tests1.dat
index 6ef50d41..7d2bb904 100644
--- a/vendor/plugins/HTML5lib/testdata/sanitizer/tests1.dat
+++ b/vendor/plugins/HTML5lib/testdata/sanitizer/tests1.dat
@@ -424,15 +424,15 @@
 
   {
     "name": "absolute_uri_refs_in_svg_attributes",
-    "input": "<rect fill='url(http://bad.com/)' />",
-    "rexml": "<rect></rect>",
-    "xhtml": "<rect></rect>",
-    "output": "<rect/>"
+    "input": "<rect fill='url(http://bad.com/) #fff' />",
+    "rexml": "<rect fill='  #fff'></rect>",
+    "xhtml": "<rect fill='  #fff'></rect>",
+    "output": "<rect fill='  #fff'/>"
   },
 
   {
     "name": "uri_ref_with_space_in svg_attribute",
-    "input": "<rect fill=\"url(\n#foo)\" />",
+    "input": "<rect fill='url(\n#foo)' />",
     "rexml": "<rect fill=\'url(\n#foo)\'></rect>",
     "xhtml": "<rect fill=\'url(\n#foo)\'></rect>",
     "output": "<rect fill=\'url(\n#foo)\'/>"
@@ -441,8 +441,8 @@
   {
     "name": "absolute_uri_ref_with_space_in svg_attribute",
     "input": "<rect fill=\"url(\nhttp://bad.com/)\" />",
-    "rexml": "<rect></rect>",
-    "xhtml": "<rect></rect>",
-    "output": "<rect/>"
+    "rexml": "<rect fill=' '></rect>",
+    "xhtml": "<rect fill=' '></rect>",
+    "output": "<rect fill=' '/>"
   }
 ]